Conduct a thorough threat modeling exercise for a public REST API used for processing international bank transfers. Identify potential vulnerabilities based on the OWASP Top 10, focusing specifically on Broken Access Control, Cryptographic Failures, and Injection. For each identified threat, propose a mitigation strategy involving code-level changes, infrastructure configurations, and monitoring protocols. Explain how you would implement OAuth 2.0 with PKCE and Mutual TLS for secure service-to-service communication.